Information Security Audit

Description

• Information Security Bachelor's degree in information systems, Computer Science or equivalent combination of education, training, or work experience. One or more of the following industry certifications or equivalent is preferred: CEH, ISO 27001 LI, PCI DSS implementation A minimum of 2 years relevant industry experience in information security or 2 years in information security with an additional 2-year industry experience in IT system audit and/or system/network administration.

Experience with security compliance frameworks (e.g., PCI DSS, SOC 2), and control testing strategies).

Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps.

Cyber security business and systems subject matter expertise - especially in Application Security, Data Security, Data Governance, and Network Security domains.

The ideal candidate will have general working knowledge of security needs for operating systems, databases, applications, Web services, user devices, and networks; experience with vulnerability scanning and intrusion detection techniques

Working knowledge of the security issues/concerns that impact enterprise environments and related technologies that can address these security concern and general knowledge of IT Audit techniques.

Have experience drafting and communicating security policies, standards, guidelines, and procedures.

Support the review of third parties for compliance to company standards and industry regulations.

Review application security risk assessments for new or updated internal or third-party applications

Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization.

Experience developing security programs (e.g., IT Risk Assessment, Compliance, Vulnerability Management, Vendor Security)

Develops and updates a centralized repository of security policies, standards and controls aligned with corporate and regulatory requirements

information to derive decisions about risk acceptance and risk mitigation, and identifies strategies to reduce information security risk.

Coordinate PCI and Soc 2 attestation activities, monitor process owners to ensure ongoing compliance is organized, structured, accurate and current.

Perform application and technology design reviews, requirements analysis and risk remediation planning.

Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in local, state, federal and international laws, and regulations (e.g. PCI, SOC2 Typ2)

Lead the information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business, and operational applications and systems across the company.

Coordinates the development, management approval, and communication of IT security risks across the company.

Proactively monitor, analyze, and provide guidance on security vulnerabilities and incidents to support remediation activities

Ensuring the identification, tracking, prioritization, and remediation of all internal/external compliance requirements

Provides technical advice to those who install, administer, and update computer-based systems.

Additional duties as assigned by the Head of Cybersecurity.

Logs review and understanding (IPS, Windows, Antivirus, HIDS, Backup)

Response to RFI questionnaire ( Client Questionnaire )

Awareness training to new joining user.

Call / whats app : 9167125070